Skip to main content

tv   Witnesses Warn Electromagnetic Pulse Attack Could Damage U.S. Electric Grid  CSPAN  May 5, 2017 3:11am-5:09am EDT

3:11 am
alaska senator lisa murkowski chairs this two-hour hearing. >> morning. the committee will come to order. i would like to welcome everyone to the energy hearing this morning. we are here to examine the
3:12 am
threat as it is posed by the electromagnetic pulse as well as policy options to protect energy infrastructure and provide restoration in the event of an attack. the united states has recognized a potential attack as a national security threat for decades and our efforts to understand the potential is certainly not new. the department of defense and national labs have been grappling with 1 degree or another since we first started testing nuclear weapons. since the tests in the 1950s and 60s examined the potential impact of the burst on both military and civilian infrastructure however, today there is a renewed focus on understanding the effects of such an attack and increase in efforts at mitigating and recovering from such an event should occur. this issue is more salient now than ever for several compelling reasons. first the proliferation of nuclear technology which no
3:13 am
longer limits to the u.s., russia, china, the uk and france. others tested nuclear weapons and missiles. nations such as north korea may already have or be close to obtaining these capabilities. we must also be mindful of the potential for a nonstate actor to obtain a nuclear device. and while the ability to use the missile as a delivery vehicle for the high altitude attack would likely be more limited, we know that it cannot be ruled out. second, the proliferation of electronics in today's society just about everyone in this room i would venture to say he has a smart phone and that is just the start and we return on electricity to function. this is magnifie has magnified t compared to the potential impact in the 1960s that a burst could now have on the electric grid and technologies that rely on electronics and on our daily
3:14 am
lives. we must recognize from the start of the discussion that the but e threats posed by an attack is a matter of national defense. if our nation from a missile carrying a nuclear warhead is clearly beyond the scope of the energy infrastructure and regulators but nevertheless, these institutions do have a role in protecting critical energy infrastructure and providing the restoration. as the owners and operators of the assets the utilities must assist in understanding how the electric grid works. for its part, governments must share its knowledge and expertise with the industry on a timely basis and approve or direct print and reliability standards as it is warranted. there is no way around this. on the one hand, we have defense and national security personnel who are familiar with the effective date destination but are not responsible for the complexities of keeping the lights on.
3:15 am
on the other hand, professionals in the power sector though the grid are not familiar with the characteristics of a nuclear detonation. it is critical that the electric industry and government improve upon the mutual understanding and trust because it is essential to the productive relationships that are necessary to improve our ability to respond to other potential high-impact low-frequency events. both camps must work together to share information and expertise. the others must embrace a new paradigm for considering and addressing security threats and the design and operation of electric systems. responding to an emp thread is an area where like cybersecurity it is the subject of another recent hearing we had. stronger public-private partnerships are needed and capabilities must be improved.
3:16 am
we will consider as a policy matter whether the appropriate federal agencies have the authority that the need to address this potential threat and whether additional authorities or direction is needed. back in 2005, we established authority for the electric reliability organization through an informed stakeholder process subject to the approval mandatory, physical and cyber security standards for the industry. more recently in 2015, congress codified the doe is the sector specific agency for energy, critical infrastructure and provide the secretary with the emergency authority to address a host of threats, cyber, physical, geomagnetic. so, we have taken some steps many arguing to believe those steps are not and that we still have a great deal of work in this area. today we considered the distinct points of view of emp brought --
3:17 am
received from each of you and i will now turn over to my colleagues. >> thank you for scheduling a hearing. the electric grid is essential to our lives and the lifeblood of the economy with the fate depending on access to electricity is responsible to make sure they are prepared to withstand many threats including natural disasters including those caused by changes in climate and extreme weather, physical attacks, cyber attacks, geomagnetic disturbances coming electromagnetic pulse. so, we must continue to identify and evaluate the threats in the system as well as the appropriate investments in technology and the efforts to reduce these threats. threats to the greater measured by probability and severity of impact. we must prepare and protect all but the most prioritized based on the likelihood of the occurrence and severity of the
3:18 am
impact. the electromagnetic pulse attack are considered a high impact will probably threats as i think mr. manning and the testimony indicated. we do not yet have the concrete analysis necessary to understand the threat, identity and effective solutions. as a result in 2001, congress established the commission to access the thread from the electromagnetic pulse to establish the commission and department of homelanthedepartmy developed guidelines to help federal agencies identified as options to protect critical equipment and facilities and communications and data centers from these attacks. the department of energy and the electric power research research institute and have both engaged in studying the threat and releasing action plans for both government and private industry. the department of homeland security and the defense and energy including the labs are actively engaged in studying the effects and identifying the proactive measures to help mitigate the threat.
3:19 am
as mr. manning has noted, solutions to the high altitude threats to the grid are not well understood. much of the available information is not specifically tied to the utilities making it difficult for the utilities and regulators to identify the options for protecting the infrastructure so i am pleased the work is underway by both the industry and the government can identify the options. i also want to say that it is the likelihood and occurrence and severity and warming climate as a threat to the infrastructure with rising sea levels, storm surge, and the surface temperatures have a substantial increase in hurricane activity in the atlantic and severity of the storm threats on the grid. in 2012, hurricanes and the tour through the east leaving a path of wreckage, rainfall and knocking down power lines leaving 88.5 million homes and
3:20 am
businesses in 16 states without power. in a state of washington we have seen extreme weather changes. we had landslides, sea level rises and draft the tenth forest fires threatening the grid in 2014 large fires and control washington distracted with over 3,000 customers without power. i should say the cost is how much was actually burned up in the fire with a substantial investment has been made by the utilities in that region and finally, i would like to talk about the issue of cybersecurity the chair mentioned. while we've never experienced a high altitude attack, the severity of the successful cyber attacks on the grid are growing, and it is significantly more likely that it's being tested cyber vulnerabilities every day by our adversaries. in fact russia is believed to
3:21 am
have deployed a cyber weapon shutting down 2015 and 2016 and this year i asked the administration to protect making sure we zero in on the appropriate asset and i sent a letter to the administration and to the department of energy to assess the capabilities of some of these particularly in their ability to hack into the energy infrastructure, and i am looking forward to getting a response since it has been several weeks since we've seen that letter. it's widely known that the united states is a constant threat from cyber attacks and many of those experts have come to the same conclusion. it is not an if, but when the massive attack on the grid will occur. in fact, the former director of national intelligence, general clapper stated that it's now a threat to national security, so i'm glad we are holding this
3:22 am
with emp being one of them but we will also make sure to focus on cybersecurity. i know we have had a hearing and other committees also had cybersecurity hearings. so i think everybody is waking up to the facts and obviously, madam chair, us passing the bill out of the senate but has failed to act in the house was also a major cybersecurity provision. so i hope that our colleagues will open up to the possibility of this and they look forward to hearing from our witnesses and thank you for the hearing. >> thank you, senator. we are joined this morning by a very distinguished panel. i welcome you all. the panel will be landed this morning by the honorable chairman of the federal energy regulatory commission. she's been a member since 2010. we appreciate all that you do on that very important commission and we would like to get you a
3:23 am
form so you can be working every day that we ar but we are pleasu are here this morning. the chairman will be followed by a man who is well known up here on capitol hill. it is a pleasure to welcome you to the committee. the chairman of the board and former speaker of the house. he's been a leading voice on the issues and the dangers so we are very pleased to have t you prove your insights this morning. following the speaker is ambassador henry cooper, director of the strategic defense initiative organization. he was president ronald reagan's chief negotiator at the defense and space talks. it's nice to have you be part of the committee. welcome. kaitlyn is the director and prior to joining she served as the assistant secretary for
3:24 am
infrastructure protection for the department of homeland security under president obama. it's nice to have you here. mr. robin manning currently serves as the vice president of transmission and distribution at the electric power research institute where he oversees research and development activities. we thank you for your leadership and the panel will be rounded out serving as the ceo and administrator of the system. also the vice chair of the electricity coordinating council. we are pleased to have you all here and we would ask that you limit your comments to five minutes at your statements will be included as part of the record. if you would like to start off, please. >> good morning and thank you. ranking member and members of the committee, i appreciate the opportunity to appear before you today to discuss electromagnetic pulse threats to the grid in the
3:25 am
united states. i very much appreciate your attention to this issue. the federal trade commission plays a key role in the oversight of the grid reliability. in 2005, congress entrusted to enforce mandatory reliability standards for the nation's power system. under the statute, the oversees the north american electric reliability corporation and developing standards to protect the reliability and security of the grid. in addition to the work on mandatory standards, wa which ao supported the security through collaborative efforts with federal agencies, states and industry stakeholders. this work is particularly well-suited to the evolving threats that require action more quickly than the standard can be written and as it is noted in public-private communication is critical.
3:26 am
the industries over the last decade have put in place a robust set of baseline standards to address a wide range of issues. in recent years we have been particularly focused on emerging threats to the security including cybersecurity, physical security and the risk associated with the geomagnetic disturbances. geomagnetic disturbances in the system can be caused by two different ways. naturally occurring disturbances from solar activity and then made events. emp can be generated by those that range from small units all the way to the detonation of nuclear weapons into the upper atmosphere. there's a short high-energy blues to be traversed -- high-energy bursts similar to lightning and the third effect,
3:27 am
e3 generates the power lines and equipment which can then damaged equipment such as transformers. in the case of the naturally occurring solar magnetic disturbances, periodically disrupt the magnetic field which in turn can induce the grid may cause or destroy over the large geographic areas. they are similar in character and affect the final days of the e3. first, ferc directed the development of the standards that could help to mitigate based on the one in 100 year solar storm benchmark event. second, directed the development of a physical security standard
3:28 am
now infected and in place that can help protect against attacks from small portable devices that require proximity to their intended targets. third, they supported efforts to protect the grid and the resilience of the grid against all risks which improves the ability to respond and recover from the major events whatever the cause. mandatory reliability standards require backup capabilities for the loss of critical assets which reduces a potential for cascading outages. ferc issued orders on the transformer equipment program that her efforts to protect customers from prolonged outages by providing electric utilities, timely access to emergency transmission equipment that otherwise would take months or longer to acquire. as i expect we will discuss
3:29 am
today, ferc has not directed to develop a specific standard, specifically targeting emp. to be clear i believe this is the result of the recent consideration of the issue not a lack of attention to address the threats. although much work has been done, there remains a significant amount of scientific research and debate underway about how the compliment affects the electric grid. the. of how best to target the actions to mitigate them. they are currently engaged in these efforts to understand and
3:30 am
address the threat as more fully detailed in the recent testimony. those efforts fail and must continue, and i am confident that should be determined at reliability standard is warranted and it will exercise its authority and require one as it has with other threats like the physical security. thank you for the opportunity to testify. and i will look forward to your questions. >> i commend you for putting time in on this. i want to focus back on the consequence. a good friend of mine and co-author of several novels wrote one called one second after which is the study of a small town in north carolina during the year after electricity was knocked out by an attack. and it's really worth looking at because was we take electricityr granted.
3:31 am
and even relatively short outages as we had in april, new york, san francisco and los angeles, people are inconvenienced but it turns out it's for a wide range of things that require refrigeration and the minute you start knocking out the system there is a cascade of consequences and we've known something could happen that has an effect. we found that there could be a man-made event that knocks out the electricity. the challenge we have is that it is actually designed for efficiency and it's a remarkable achievement. problem is efficiency leads to
3:32 am
fragility so from your perspective, you both have to look at the noble points which would be knocked out physically or by a local emp. you then have to look at cyber attacks. the grid is vulnerable and if somebody were to methodically come in here and find the points you could knock out if you have a catastrophic effect because it would've been a cascade of systems shutting down. if you then look at the effect potentially coming for talking about a catastrophic event from which you couldn't recover for years. so a couple quick things. one, the congress should look at emp attacks as one of the three great attacks to the survival, the others being cyber warfare and nuclear weapons. and they should regard all three as catastrophic.
3:33 am
for us to survive as a civilization, we have to be able to feed all of those threats. the tube, congress should communicate a sense of urgency. there is a lot of people doing a lot of good things in a relatively leisurely pace and trying to be reasonable. if you work back from consequence, you rapidly become unreasonable because the consequences are so horrible. this is like 9/11. tom clancy has written about this a decade earlier but nobody wanted to cut through and say what would you have to do to stop that from happening. after the event, we did all sorts of things to make a takeover. but in the same boat right now here we are gambling our civilization. this is bigger than 9/11. homeland security and the department should have some
3:34 am
games and they should look for the key points where you could begin to fix the system to make the system more resilient and difficult to take out. i would look at the new infrastructure built to consider having a substantial part of a national security infrastructure component. number three, if you were to go through and cut out a lot of the red tape, the time value of money that you could save with probably more than pay for everything you are going to ask them to do. so, very practical things can be done. done. you need to somehow communicates to the executive branch we need a sense of urgency and we need to understand every morning that we get up we are a step away from capacity and i note that they've estimated it's different
3:35 am
than man-made nonetheless equally dangerous. the potential is the effect is about 12% per decade that is now overdue from that happening and it happened to be out of the position for the solar flare that missed us. but that should give a reminder. look back from the consequences. when you have a high likelihood that over the next 20 or 30 years something this confidential could happen, there has to be a sense of urgency because it does occur it could t could and the civilization as we know it. >> thank you very much for your comments and reminding us of the imperative here. ambassador cooper, welcome.
3:36 am
>> i appreciate the opportunity to testify before you today on my views. actually, speaker newt gingrich covered a lot of my material which is a good thing because i wasn't sure i could get through even my abbreviated comments here. i guess i would like to say we are living for th through the mt dangerous period of my lifetime but the vulnerability of the national electric hargrave is the most important. and we are collectively continuing to take countermeasures to deal with it. it's the executive and legislative branches that i am now spending most of my time working with private citizens, local and state authorities and some people in the power
3:37 am
industry to begin working this problem from the bottom up believing that if enough of our citizens have a real understanding of the issues and how they can must be addressed at the local level and then they will begin to do the right thing at addressing the urgent problem. i went through another set of issues in my summary comments that have been covered already that i want to skip over and turned to the comments written by the chairman of the commission which was started as minogue ba way to congress to dh these issues in a letter to the secretary of energy. these are their comments i want to make clear i share their views for a lot of reasons but these are their comments.
3:38 am
they view the current efforts to address the national threats that are producing grossly inadequate standards for protecting the grid. to quote the chairman who is a colleague of mine for many years he further noted the concern over the misleading and erroneous studies by others that underestimate the natural threat from solar storms and has become the basis for the inadequate standards approved. perhaps more importantly he noted the concern that the 2014 obama administration intelligence community assessment of the nuclear threat is profoundly erroneous and perhaps the worst ever produced on emp and that has been used to thwart efforts to protect against nuclear emp. by dismissing the threat despite
3:39 am
overwhelming evidence to the contrary, he also noted that the nuclear emp is the ultimate cyber weapon threat and the military plans of russia, china, north korea will see a decisive new revolution in military affairs as a consequence. he indicated when the commission is also very concerned on the stufthisbut he's recently comply the industries electric power research institute and grossly underestimate the nuclear threat these and other bureaucratic issues led me a couple of years ago to lose confidence that we were ever going to do wit deal h this problem from the top down and i decided to try to work it from the bottom up.
3:40 am
my written testimony goes into some detail discussing the work i am doing along with duke energy engineers. as you know it is among the largest if not the largest energy company in the nation. we are working at a pilot study in gadsden county and north carolina and of course the corporate headquarters are in the county whic which is the ner to the two counties and we are engaging with local authorities particularly the folks in the bedroom community for charlotte as well as an important area of its own. this is important because the nature of the grid as i'm sure you know it's a crazy patchwork of co-ops and electric utility companies across the nation.
3:41 am
unless they are actively involved in providing the loading conditions that they can and will need to produce the power indicated to the local subscribers, then we will have the consequence that the speaker referred to earlier. water and wastewater is a key matter for example duke energy doesn't provide electricity to the wastewater operations provided by different utilities. and unless that utility is working hand-in-hand with duke, you will have hospitals running out of electricity very shortly. and as i understand it, without water, those hospitals will be experiencing death within hours. so this is an important issue and i would urge you to have the commission which in my view is
3:42 am
the nation's top authorities and many were involved from the earliest days dealing with this issue and that is where the expertise originally has been. the dod is not particularly helpful in this problem today aninto the department of energy while i have great respect for the engineers and laboratories reinventing the lessons that were learned in the better part of a half a century ago and it is absurd in my judgment that we find ourselves in this situation and i hope the committee can help deal with communication problems within the executive branch as well as help us work this problem from the bottom up. >> thank you, ambassador. >> good morning madam chair and members of the committee thank you for inviting me to testify on protecting the infrastructure from the threat posed by the pulse.
3:43 am
i had the honor of serving eight years in the national protection program at the department of homeland security. first chief of staff from 2012 to january of 2017 as the assistant secretary of infrastructure protection. he leads a national effort to protect and enhance the resilience of the nation's physical and cyber cyberinfrastructure. over my nearly 20 years i've seen critical infrastructure, public and private risk management redefined to address the complex issues from violent extremism to complex attacks. cybersecurity and gps resilience, extreme weather and electric and geomagnetic disturbances. i've cochaired the tas task fors that have integrated into the government strategies including those that are most relevant here today at the joint u.s.
3:44 am
canada strategy and the national space weather strategy. there is no doubt that we live in a dangerous world. state and nonstate actors and promulgate or is that this information are growing in. borders no longer protect us whether the shores or fences and walls of the organization we've built a complex ecosystem where the disruption can ripple across the system and they are not bound to one sector or industry. nor can we protect against every building our system and network. our country is too big and the infrastructure is interdependent and cost is too expensive and the outcome would alter our way of life. this is why we are in the business of risk management. think where they are increasing likelihood prospectively. the denial of service attack is probable that the impact in its
3:45 am
operations are minimal. most natural disasters are high likelihood and low consequence. this super storm is an exception with a low likelihood and a high consequence. a cyber attack against the system like the december 2015 attack on the ukrainian power grid, lower probability but certainly more consequential. in 1859 as the speaker said we are long overdue and so i would say that it's more likely and certainly high consequence there are half a dozen more risks on that matrix including the high altitude electromagnetic pulse and we place it at a very low probability but high consequence. all of the risks must be managed and since critical infrastructure is owned and operated there are finite resources in the world where you have a business to operate with regulatory costs and recovery just to name a few.
3:46 am
i want to be clear w we haven't ignored the threat and the industry and government are working hand-in-hand to better understand the impact. the work is critical to understand how the systems would be affected. this modeling can help inform where investment in shielding would have a maximum value and what operational procedures and mitigate the collapse. in much of this effort it can be applied to mitigate the consequences where we will have time to put measures in place and manage the load thanks to improved space weather forecast and alerting. equally important is the fact that we understand emp like many threats and hazards. disruption to communication during incidents hampered the response and restoration efforts and malicious acts understand this and mother nature is understrength. there's there is a debate aboute sophistication of the attack in silicon valley but the
3:47 am
perpetrators knew enough to cut the lines that controlled the downstream communications. the denial of service attack hampered the ability of customers to call and talk to each other in the ukrainian incident. it will impact the communication systems and data centers and therefore command control. the credit is looking beyond prioritized calling services contingency plans but it illustrates why we cannot take a silent approach to understand the vulnerability is caused. this risk environment is what has given way to the public-private partnership and while the government brings important capabilities to table an information sharing, research and modeling is heavily invested in ensuring its reliability and resilience. they have their bottom line and their industry and it's why the strategy for electric grid security, the national space
3:48 am
weather strategy at the joint electric magnetic poles resilient strategy and corresponding action plans are critical. they lay out high-level goals to guide the action and accelerate recovery from these type of events. in conclusion we are managing a risk environment and cannot protect against every threat. there is no one-size-fits-all approach. the solution requires the risk based approach focused on mitigation planning and investment in a modern secure infrastructure that is resilient to the threats of today and tomorrow. thank you and i look forward to your questions. >> good morning. i want to share with you a bit about history if i can. i am a vice president for electric power research institute also spent 30 years at
3:49 am
duke energy and another six at the tennessee valley authority and through this time, my responsibility with leading construction of creation and maintenance energy infrastructure so as the chairman put it earlier i kept the lights on across the united states and as the leader of the organization and the 2008 and 2009 timeframe i read the report, i struggled to understand how i could take a plethora of information that was available and practically apply it to create a plausible approach for risk management associated in the systems and that is exactly what we are attempting to do as we are now one year into a three-year research project that began in april, 2016. the object is to develop cost-effective mitigation tools to develop recovery options for utilities and to form a basis
3:50 am
for the decision making that provides utilities like the information that is necessary to effectively protect their customers from the threats. the project now has financial support from 57 u.s. utilities making this project one of the most widely supported collaborative effort. we are also collaborating closely with the department of energy and national labs and the u.s. department of defense. we have seven tasks on the project. many are being completed in parallel with various expected completion dates over the two years in the project. we are seeking greater characterization of the threat as it relates to the infrastructure. we are investigating specifically how it topples with the power systems and we are testing that to understand at what level did we begin to see damage, then we are combining the threats and vulnerabilities to understand the more complete picture of the holistic picture
3:51 am
of the impact and infrastructure. together, this information provides methodologies and tools to support the risk informed decisions and of course, it is our intention to communicate research findings through public policy makers and other stakeholders throughout the process. for example in february we released a report assessing the impact of the generated energy wave on the bulk power transformers. we advanced a series of nuclear blasts across the united states and ss the value of each of those and use advanced techniques as well as conservative assessment criteria and engineering judgments throughout and the result of the study indicated that the damage in large number for the power transformers is unlikely. even so, the resul results of te assessment should be interpreted to mean it wouldn't add a
3:52 am
reliability. the potential for the widespread outages or the combined effect are still being investigated and certainly impacts are real however evaluating the effect of such events on complex systems like the electric power grid requires concrete scientifically-based analysis for people who understand the power system with a greater understanding of the mitigation and/or recovery options to be developed. to the electricity sector the public policy makers and other stakeholders to enable safe, affordable, reliable and environmentally responsible electricity to the people of the
3:53 am
united states. thank you for your time and that completes my testimony. >> chairman, ranking member, and members of the committee thank you for giving the opportunity to testify today. i am testifying on behalf of the association on the board of directors i serve for the non- for profit committees and also serveserve as the coordinating council which is made up of 30 associations and serves as the liaison in the federal government on policy level security issues. the sector takes very seriously the threat of electromagnetic pulse and if you consider the reliability as we do that is the primary objective in the first
3:54 am
place. i want to emphasize the opening comments that it is an event for the federal government take it very seriously to develop how he might mitigate that. the technical impact of the event is uncertain, though through a collaborative effort as it is mentioned with the power research institute and federal government we are conducting research to gain more information to look for that identification. the protective device is to survive however there is no consensus on what should be taken at this point and the unintended effect of that type of protection on the grid or how successful it would be if we tried at this time.
3:55 am
all additional costs would have to be directly passed to the customers and it could be installed to protect the entire grid. it would likely be disrupted by the event in the political impact for other critical infrastructures as it is mentioned by the utilities to provide services. emp are one of many threats to confront as other witnesses identified including the weather events, disturbances, cyber and physical attacks. the industry understands we cannot protect all assets and instead we must manage that risk. we must follow the approach for the protection. this event is a high impact will probably threat. we take these very seriously that we must consider them in
3:56 am
the context for all threats. the cyber attack aimed at disrupting would be relatively cheaper and easier to deploy the type of weapon. so we must place more effort on a this risk given that we cannot protect from all the potential threats, we focus on all recovery is regardless of the cause of damage and preparations to ensure the litigation, response that are the same. we must prioritize the asset protections and engineer stockpile despair a clement and is also mentioned there are several programs that are ongoing with respect to that capability given these new threats. we are working on multiple fronts to increase the scientific understanding of the impact and as policymakers, there are several ways that you can support that effort.
3:57 am
first, the commission should be directed to work with others in the critical infrastructure to help assist. cooperation between the experts in that the best product. we need to ensure classified reports produced are available and can reflect what we are trying to evaluate as we can come up with the best solution and this is an extremely complex issue that cannot be solved with a one-size-fits-all. the directive could have unintended consequences with no associated value. similarly, protecting the standards in the process put into place a policy act of 2005 is critical. this produces standards based upon the input when it comes to
3:58 am
complex systems. thank you for the opportunity to testify. let me start with a question to you all. is it fair to say that you would all agree it's in the first instance a threat to the national defense, do we agree that is what we are dealing with? >> yes. >> okay. we have agreement. now the question is what we do with it. and i do appreciate the suggestions that have been laid down here and how we can work to protect and make more resilient you mentioned the prospects for the infrastructure package at what we might be able to do in the context of national
3:59 am
security. it begs the question there is not a one-size-fits-all that is their commercial technology to protect against attacks and if not, what are the barriers to deploy the technology as the cost has been mentioned specifically. how prepared are we, do we have something we could lay down that could be constructive? i will let anybody try this one. >> i want to make a point about where we are asked. we have done an extraordinary job operating off of the paradigm of efficiency to create a system.
4:00 am
it is extraordinary. we now have to shift from that model to a model that says he wants resistance, redundancy and resilience. then you have to create i and is modeling what would the system look like. and it's not a situation where you get a choice. you have to say i'm going to take the risk of being destroyed by cyber. you have to look at all the major threats and figure out what the noble points are against all of them and then design a policy to fit. this will be a more expensive system then you have to find out as a national defense requirement.
4:01 am
just in cutting the red tape you can save an enormous amount that the industry would be happy to put that money back into eight recently and system but you also have to ask the question it ought to be setting the deadline implementation because we have known since 2004 that they've given this capability and we've known since the 1990s that the chinese have been developing this capability and capacity for the satellite to have a weapon is a danger in real time today so i think that it is a wartime emergency setting this up and to your point in some areas we do not have a solution and there are significant projects to figure out the specific breaking point on how we are going to
4:02 am
solve these things because if we don't there is a genuine catastrophe that could happen. >> as you answer this i want to know whether you believe that there is sufficient authority to address these concerns and where we are with about as you respond to this other point. is there a knowledge available to protect against emp there is some available to protect for example the military sees some of its equipment in battle and intelligence centers so there is some technology available on the electric grid.
4:03 am
speaker newt gingrich has referred to the stations i testified about here before that was a study looking at the attack on transformer on transfe cascading of the transformers whether it is the results were not that is what it is about. if i were to protect, i'm not sure, i'm quite certain that those stations wherever they are i would go to the control center's first. they are ubiquitous in every territory, so we have to figure out this risk for the storm or even different from protecting against the physical security
4:04 am
standard for the substations where is the best place to go and that is what mr. manning and others are doing. .. >> i have every confidence they would respond as they have with gmd, physical security and other things they opposed initially. >> senator franken. >> thank you madam chair.
4:05 am
in reading through the testimony provided for today's hearing, it became clear that some of the witnesses are quite alarmed about the threat of the potential societal impact, and others are clearly more circumspect. could you comment on where we should direct the efforts and resources we devote to enhancing security, what should our priorities be, where would you place physical attacks which is on -- cyber attacks, gmd's, and other threats on a triage list. >> it's a difficult question because we are preparing attacks that are very numerous and low barriers to entry like cyber
4:06 am
security. you don't have to be a nationstate a lot of people do it for high-impact low probability. i think the first row we have to have a strategy with all i would probably put cyber security is number one we don't have to stop from physical attacks or protect against solar storms which we are protecting against. i think taking a step back, to me where we should be going through solution is to build resilience into the grid. in a way that we have more redundancy because that works against all risks. i think resilience which is increasingly where our efforts are going is the strategy that works, whether it's a hurricane, earthquake or something else. >> so talking about island mode,
4:07 am
making sure their circuit breakers there the opposite so that if one goes down not everything goes down. >> obviously you cannot have a backup for everything. but we have standards for critical control centers have to have backup, secondary supply lines and so forth. in the geomagnetic disturbance stander, the first part of the stander we put out was an operating procedure standard. when we hear there's a solar storm coming within half an hour there's an immediate transmission to ever control center in the united states. they have to know how to go into safe mode, what i do in the time that have. we might have no warning of a bomb, but for a gmd, that is precisely what they're working on.
4:08 am
>> okay mr. wells and mr. manning can you give the perspective of those who work in the industry and daily face near and long-term threats for security reliability and resilience of our electrical system. which threats do you believe we should prioritize? >> i concur with the chairman. when we're looking at today's environment we see the cyber security threat much higher. we have a significant investment and were going toward that as we speak like to address the perception that we don't have a lot of redundancy built into the system now. that is part of the core of reliability. reliability and low-cost our primary objectives. whether you are talking about transformer capacity or substation or circuits, all of that is looking at the reliability is built back in.
4:09 am
look at how you planned against generation and reserved for different types of events we do that routinely. there are different things were looking at for current day threats that have not existed previously. how we will do with those, the work we do for the efc, one of the striking things you may have heard about the grid exercises which are significant exercises that are developed between the electric subset, and the i sack which is the electric sector. they take a year and a half to develop these and they look at catastrophic type events. some of the learning we get between the federal government partners in the industry is more of an understanding of how much redundancy is in the system and some of the issues we have to share information of how were
4:10 am
going to be more resilient and respond. those are an ongoing approach for us on a continual basis. the differences the threats are changing. that is what we found with the mp threat. without there is a cold war and we didn't have to worry about it anymore. nor did we have a kind of sensitivity. we didn't have them as their sensitive as today. as the threats evolve we have to get more understanding of how they impact what we do. we also know these your threat right now to us as the cyber security threat. >> i know i'm over. instrument in which you respond to that? >> the first thing that came to my mind is that we like the information to make that decision, that we react based off of our experiences. if we have a high probability of cyber attack we immediately respond to cyber issues. we lack sufficient information
4:11 am
to understand what the probability is and what the severity is of attacks like emp. the information is becoming clearer and we are beginning to understand it. once we have adequate information about emp we can balance that sufficiently with threats like cyber security where we have quite a bit of information. we talked about it earlier that risk is about managing probability and severity. in the industry we can do nothing about probability of an emp attack. were focusing our efforts on severity. if we can reduce the consequences of an emp attack to the point where the probability no longer matters than i think we have made progress. >> i just want to make one less common, is this an argument for more distributive energy? more solar panels on rooftops,
4:12 am
more highland mode energy? >> we will leave that question hanging. >> it's a hanging question. >> i will start on the floor. madam chair, the outage after the nuclear atmospheric nuclear test, was that due to an e1, e2, or e3? >> i believe it was e1, communications equipment that was destroyed. >> mr. manning, you have looked at e3 and found it to be less consequential than a severe gmp. what i read in my notes is that e2's armor like lightning. it seems like e1 is he said not yet tested. again coming up to speed with what you know, so that his communications with that threaten the grid over this be
4:13 am
more likely to affect communication. >> if i can circle back on the question, our findings on e3 are partial, there still additional work to be done. we specifically impacted bulk transformers. with a 1,037,000 bulk power transformers in the u.s. grid. as a result of only the e3 pulse we discovered the damage to those would likely be less severe than originally thought. >> i only have three minutes. >> it has correlation but it is not directly related. however, you cannot stand that up on its own. it must be associated with the plethora of energy waves from a nuclear attack. you must consider all of them together. we have only begun to consider that. >> so whatever my question but e1 has to be considered within
4:14 am
the context of the other. >> unless it is a handheld device which is only anyone pulse. >> madam chair, speaking of the geomagnetic, what i quickly read about the carrington event is there is a 17.6 our lead-in. they saw the flare but the physical effect was not seen. i read in some places than hook their telegraph from the power source. typically you would have a several day lead-in. he was to the flare, that said, if there is such a flare from the sun everybody could go home on plug their computers and then otherwise protect their equipment? >> if much more so than in 1859 our weather satellites give us good information, usually several days ahead we know something is coming but the details of where it will go is more like an minutes and hours and days.
4:15 am
that is the purpose of the operating procedure standard communicated to the control centers so they can protect the high-voltage transformers which take longer to replace which are the most impactful equipment on the system. in theory, you could protect your own equipment, but the solar storm doesn't have the same effect on communication. i don't think there's a lot of concern that it would destroy home electronics. >> i was using that as a metaphor. >> electric companies could do things like that. >> so we do have some advance notice and could take some protection. >> that's why is the first standard we put in place. you don't have to do equipment modifications is just planning of what you would do. even when i used to run the company only add hurricanes or snowstorms coming sometimes you configure your system in a different way to prepare because
4:16 am
you know where your vulnerabilities are. >> going back to the point that senator franken made. i read about a 1989 geomagnetic storm which only affected qu├ębec and a few australians. but as far as i know did not affect louisiana. that said, he tells me even though we worry about this being global at times we have these two men netted storm senate is local. >> it depends on the size of the solar flare. most are regional. our standard in effect requires specific medication depending on the latitude and soil. louisiana is closer to the equator, in general you have a lot of hurricane issues but this particular problem closer to the
4:17 am
polls is considered more exposed. >> so what you're saying is we really do have an understanding and some advance warning if we can prevented it is better of these for that which might come from the sun, granted it could overwhelm the speaker mention that. but we are somewhat prepared from the from the solar. >> because we monitor all of the time some of the transformers have monitoring attached and they can get regular updates on what's happening with the sun and how it affects them. fortunately we don't have a lot of experience monitoring explosives in the upper atmosphere. so you can develop the fact-based experienced information like with the sun. >> i yelled back. >> thank you madam chair and thank you to all of our witnesses. this is a very hectic day.
4:18 am
the speaker knows little bit about what those are like. i want to know the point that has not been me, in the skinny budget, the cuts the administration is looking at for agencies like noaa and nasa is going to make it much tougher for the congress on a bipartisan basis to deal with the important issues were talking about today. there's a role for government to play as it relates to improving the resiliency of the grid. those are the questions i want to touch on with all of you. mr. manning as you know what were concerned about in our part of the world is large earthquakes. this is a major major issue for the people of the pacific northwest with respect to the issue of resiliency. my take with respect to the science and it picks up where senator franken is trying to go.
4:19 am
micro grids and distributed energy resources rooftop, solar and energy storage can play a real role in helping the grid quickly recover if you get hit by an event like this. for you, could you briefly walk the committee through the role these technologies could play and adding resiliency to the electric system when were thinking about a physical threat like it cascadia disaster. >> it's a next line question. there's no doubt that distributive energy that is connected introduces redundancy to the grid as kevin mentioned earlier redundancy is a part of reliability. the more we can adding couple into the grid the greater
4:20 am
potential we have for increasing reliability. it's not a failsafe. distributive energy is probably next in solution to offer alternatives to centralized generation in the events by contrast there's nothing that specifically attacks those energy resources any better than the centralized energy resources. so you're likely to see a control system for rooftop solar storage are micro grids also impacted. also be rendered ineffective unless their heart and specifically for that. for weather events and potentially cyber events they add value because they had redundancy. >> thank you. and that is a next line question. another example of how government and industry have come together to think about how we will address impact to the
4:21 am
grid from some of these lower probability, high-impact events. in 2016 a major exercise call cascadia rising focused on this. on the fact that like a carrington event we are overdue for the scale of earthquake in the pacific northwest. i would agree that distributive energy can help speed restoration to the communities, but this is another type of incident where we really need whole community effort. when you think about the damaging consequences we will see in something like this. it's important to continue to do the large-scale exercises that bring together state, local
4:22 am
government to think about what the impacts will be to the grid in communication and transportation. how will we get basic commodities into this area. how will we make sure first responders can get it in the utility of the linesman to help get the systems up and running. it's not an easy challenge. it is why we bring folks together to think through what are we dealing with and how will we speed recovery. >> thank you senator rich. >> thank you for holding the hearing. we for criticism or concern about the government's response to the growing threat of grid security and cyber security. in large part i think there is criticism to be had and all a lot of concern to be had. part of it is grown out of frustration.
4:23 am
i think there is not a lot out there about what the government is doing. i sit on the intelligence committee and i can tell you that these issues have not been ignored by the united states. i think most of what we talk about cannot be discussed in this setting. so, in that regard it isn't quite as bad as what everybody's saying. your deep insights into the consequences are greatly appreciated. we've been through these exercises but your statements are certainly not overstated. but i would take issue as far as your recommendation if we have an infrastructure bill coming.
4:24 am
but i can tell you based on what we know of where we are and what we are doing, i think it's appropriate at some point in time. we are not ready yet. we saw what happened tonight we had this to trillion dollar bill to stimulate. when he started throwing money at the walls a lot does not stick. the term shovel ready was used a lot. we are do not have shovel ready products yet. certainly we need more research and that can be included. be a little reluctant to start digging on lane step in the ground at this point. there are things going on and i think a lot of us on the intel community are convinced the next
4:25 am
significant event in america is going to be a cyber event. that's where we have vulnerability. but the grid is linked to that. and the bad guys have asked what is the most concerning right now. we have to be able to walk and chew gum at the same time. as we sit here today there are different people working on different ways to attack us. these are all included whether it's north korea or other state actors and nonstate actors trying to get us through the grid and through cyber security. thank you for the shout out today, obviously we are becoming the go to an flagship on grid security. use of the test that we had out there on grid security are working with the private
4:26 am
industry. i think most americans would be very pleased to see what's going on in the things we're doing to try to mitigate them as we go into the future. in any event so we will continue to work on this. i think it is important. i really appreciated the description of risk management. if you sit here for a while today you realize the threats to america and how many there are and how diverse they are. and where the widespread places they come from. there are a lot of people out there is no reason what to do us harm and yes we need to be able to walk and chew gum at the same time and address those threats. you have to do it on a risk-management basis. there is not enough money in the world to protect us 100%.
4:27 am
whether it be the grid or cyber security or just a normal cannot attack. there is frustration express for the department of defense. we work the department of defense all of the time. i think the criticism is well taken. i say this with great love and respect, but they are much more focused on the classical kind of warfare in the classical kind of that we have always challenge them to provide for america. these new things coming along like cyber, grid and what heavy haven't been in their wheelhouse. they're getting up to speed associate electrical industry. one of the most telling things we her in the intel community as we have the experts on the grid and i think this put it in perspective for me.
4:28 am
when you work on his problems and try to predict what happens and try to design a defense to, the people tell you when it comes to cyber security we are our where the wright brothers were. we don't know what we don't know. we keep learning thanks. a good example of speaker gingrich pointed out that all of this stuff is designed for efficiency. when you design it for efficiency you design it in huge vulnerabilities. ukrainian attack taught us some legislation came out of that. that is the ukraine attack was not as bad as what it could have been because the system wasn't very efficient. it had to go through human beings. then the human beings recognize rose going on and were able to mitigate it.
4:29 am
the co-author s79 that brings the back to the future bill where you back up and start to look at these efficiencies and see if there's places where we can put in these things. i have talked long enough. incredibly important here thank you for holding it. >> we appreciate that input. senator king. >> first i want to welcome speaker gingrich. always a pleasure to have the insights. i remember the day we spent in maine when we are lonely voices talking about regional education in 2000. mr. manning, i think this gets to where we have been focusing today, you mentioned the distributive energy and said it could be a part of the redundancy and unless they are hard and you said.
4:30 am
that's my question, other reasonably priced hardening tools out there. could we build into every house some kind of high test surge protector and by the same token similar kind of device in the grid back at the transmission point? >> i think the answer to that is, there could be. today it is probably not as we just heard shovel ready. there are different components that need to be added together. particularly for home-based equipment. you'll have to think about it differently and make complete design changes. >> are the utilities thinking about this for their critical points? in other words this is an
4:31 am
insurance question. how much is insurance gonna cost versus the risk. >> one of the things we are doing for the report is taking the military standards and converting those two utility standards. what we will find is applying those utility standard probably will be expensive. very difficult and challenging and it's hard to do. so utilities may still choose to pick nine points or something like that and harden those points of military standards. it will not be practical to support the system until we develop more effective a lower-cost alternative. >> seems like it's a place for ingenuity and creativity to market.
4:32 am
an important market for homes and for the grid itself. the bill that you mentioned is mandates a study, suggests a study involving the national lab in several volunteer utilities and the possible importance of putting at certain points at the grid analog devices which save the grid in ukraine. that is exactly what were trying to do. both of us are on this committee. it's a great bill, madam chair. i think we've done a lot of thinking about it. we cannot defend our cell. we can install defenses that they far outweigh the risk, and how do we get products that can
4:33 am
solve? >> first, every member of congress should be briefed on hybrid warfare. that's what you're seeing in ukraine. it's what makes everything come together simultaneously. >> we are seeing word warfare change before our eyes. >> from efficiency to looking at resistance, resilience and redundancy. we have to rethink from the ground up what we mean what's homeland security means. i walked in and said i've been thinking of how to run our cities and can't decide if we should cut out food inspection, the sewer, the fire department or police, which to think we should drop? because that's what were doing now. we have no choice so to look at the totality of disasters and decide that were gonna figure
4:34 am
out a design you can't say let's set priorities because the money pick might be the one that kills you i very seldom do book review some a newsletter. it's called the weapon wizards. i like every member of congress to read it. it's the israeli capacity to innovate and how dramatically they have done it and they are really cheap. one of the things i hope trump will bring to the pentagon which is a conservative i like to see reduced from the pentagon to a triangle by eliminating 40% of its redundancies. i made it quite seriously. since we have to design an overengineered obsolete model based on work done in 1963, few apply to the grid you couldn't afford it. the answer is what if you asked
4:35 am
every smart young person in america to come up with a 9-dollar version that can be sold on amazon. >> exactly. we've had testimony at the m services committee that silicon valley will not deal with the pentagon. because i call it -- but that would be so because it is so burdensome and cumbersome. we are losing the innovation race. >> at least half is a congress which imposes patterns that are stunningly stupid that if they would look at the past and get rid of half of that and then challenge the bureaucracy to get rid of the other half you be startled to hear how rapidly we would be innovating. >> i'm shocked you would use the word stupid and congress in the same sentence speaker. >> thank you. i think all of you for being here. i appreciate it. it's always good to have you.
4:36 am
first of all, anybody clear to this. the likelihood of the mp attacks of where were most vulnerable in this place we have competing committee meetings. as a basically from a weapon from another country or can it be homegrown to do damage to the delivery system? where are we most vulnerable? >> what are you concerned about the so-called fouquet cmt, a handheld device is much easier to build than a bomb. let's also easier to protect against. some things were doing we do know how to protect things.
4:37 am
i think that's more likely. >> are you requiring i can tell you we have a lot of powergenerating in west virginia. and we light up most of the east coast. if we ever turn the coal off, it would go dark. i've seen substations very vulnerable. are you requiring them to solidify them? >> what it did was require each company to identify the most critical substation and come up with a specific plan to mitiga mitigate. >> is anybody inspecting? >> yes. we are inspecting survive a situation i can call you? >> yes, always. i think the high-altitude is i
4:38 am
don't remember the attitude you used in your question more troubling because unlike we do not understand. >> ambassador i don't how to put a probability statement on it. let me give you a few facts. in 2004, several russian generals who are expert in emp and i would note they did more effective test on this affect and overpopulated areas than the 62 and 63 timeframe that we did. they learn more about it than we did. they told the commissioners that they had passed inadvertently i think they said that the information on how to design a super emp weapon that is a low yield that but -- to the north
4:39 am
koreans. who in turn as you know worked in the direct alliance of iran on everything. north korea by most estimates has already anywhere from 10 - 20 nuclear weapons. we take comfort in the fact that there has been your low yield tested north korea. low yield is what you use to produce super emp weapon. they alleged they can launch this, they don't allege, a lot of experts in a claim they can launch this or put it in the satellite. which close toward the united states buyer on defend itself. we have no defense against that. nor do we have a defense against missiles launched from ships in the gulf of mexico. we know how to do it. it's not a matter of ignorance. or matter of cost either which i
4:40 am
be happy to defend at another time. we know how to do it, we just and they are not doing it. we are deploy -- and i'm proud of that because i started it it's the i program. it's going round the world on our ships and it's deployed on the grounds in romania, we ought to put a site in panama city on first air force base were first air force has a responsibility of your defense of the united states. give them a missile-defense mission too. >> not if we bring the into raphe. >> the vulnerability basically is reliability to the grid system. do you feel comfortable that the
4:41 am
system is grid with the polar vortexes down? where we today. >> with the amount of diversity going into the grid for electricity sources. >> today we still have quite a bit of fuel diversity. call as you refer to plays an important role in baseload and in most parts of the country. we have increasing natural gas and renewables. the system operators. >> to consider gas as being a baseload? >> the big combined cycle summer runners baseload. >> but are you concerned? baseload to me means uninterruptible power. : nuclear are uninterruptible, they have what they had. gas has a pipeline delivery
4:42 am
system that can be targeted from terror or any other natural disaster. we're building baseload of something that could be interrupted, is that correct? >> it is correct to the extent we rely on gas we have to build and fuel security that is different than the fuel security of cold. >> what is your feeling of comfort on the reliability of the gray? >> i think most parts of the united states or will supply but we have places where there are constraints. operating the grid with new technologies is something we are working on. >> anybody have anything else. >> we've talked about e1, he to come in three. you want is a high-frequency, high amplitude narrow pulse that causes damage to solid-state
4:43 am
electronics. our natural gas pipelines, portions of the grid itself in petroleum pipelines probably are controlled with units that are vulnerable. if we haven't taken special precautions and my information is that we have not. so we have critical of the structure to the operation of all of our grid to these kind of affects. from nuclear high-altitude explosions. as i said earlier, i don't how to put a probability statement on but the threat is real. i've worked on these problems for most of the half-century since we began seriously improving our strategic system. we set priorities, we did not try to harden everything. we harden what we thought was most important thing. in my opinion in the grid we
4:44 am
should be paying closer attention to our nuclear power plants to make sure they're not a hazard if the grid goes down and they have to shut down and we do not want fukushima's all over the place. i meant to bring them back up to help celebrate. >> thank you senators there has been discussion here about what we see out of israel with their level of innovation. ambassador you have referred to other initiatives run the global but in terms of what other countries are doing specifically to address other emp related event, is anybody leaving the way? are there best practices that we might want to be looking to? who is doing good things? >> israelis, united kingdoms.
4:45 am
>> it to what extent do we cooperate with them? >> there's a big difference between their government tends to patrol what is going on. this country as i said we have a crazy quilt of electric power companies across the nation. why i believe we have to work from the bottom up around the nuclear power plants, keep them safe and bring them online we get 20% of the nation's electricity from those. that's a valid resource if we lose the entire grid. today, i don't have confidence we can do that because we do not have the crazy quilt components connected. we have a serious problem. we have been ignoring the. i have and not trying to point fingers but that is the reality. >> thank you for the question.
4:46 am
we have an mou with israel, norway and other countries in the u.k. to work on these things. in the solar storm area, scandinavia is probably doing the most. obviously their location justify it. >> the united states has a location called alaska. >> my feelings exactly. that is why gmd has been one of my biggest priority. on the grid security defense i would agree with the ambassador that israel the entire israeli grid is a different society and the way things are run. we have a much more open society in terms of the power how the infrastructure is designed to set up.
4:47 am
so insecurity a think israel is leaving. >> let me leave you with one question. again i will allow anybody to step in but you mentioned this crazy patchwork that is out there. some have mentioned the reparative public-private partnership. in order to have a public-private partnership that has to be trust, a willingness to share information. in fairness, think we have seen instances where information gets out and you get burnt in the media and probably the most current example is what happened in december in vermont's. as i understand it burlington noticed an alert about a suspicious ip address.
4:48 am
it connected to one of the computers. it responded and recorded. the next day the washington post learns about it and then he have reports about russian hackers infiltrating and later follow-up shows the ip address wasn't malicious activity. you really have eroded trust that may have been about there. so how do we do a better job? how do we restore trust and build a relationship but it's going to be necessary? >> i think we have a perfect example that the industry has built what the electric and the department of energy and security, there's no doubt it was a significant issue in learning experience. one thing that needs to be taken away as it proves the effectiveness of getting information out. information came out that here suspicious eyepiece to look for.
4:49 am
the function worked. was there communication issue a potential issue associated with a? yes. were working on fixing that and other issues. the relationship between the industry within the industry and the federal government is stronger than it has ever been recognizing that we have common issues and we need help to make the nation stronger. i think were doing a good job. there's a lot of threats and issues but many examples of how that relationship has worked. we'll talk about that we should think about five years ago you did not have a lot of security clearances in the industry. now even a utility our size has six or seven people that have security clearances. were able to do things he couldn't to before. we can share information that we
4:50 am
couldn't do before. it's a learning experience and we understand the challenges and are on the way leas for sector to do that. were also interested in trying to build a stronger relationship with those other connected sectors with issues. in making sure that we look across the cross sector coordination. along with the electricity sector can have that functionality. >> i am encouraged to you say things are getting better in terms of providing that level of security clearance. we had a hearing six weeks ago where that issue was raised about the frustration with how long it took and it was a former member who was former head of an intelligence committee on the house side. and still having trouble. >> i do not know what the current processes but the number of people that we got in through
4:51 am
that process was much higher. >> an excellent question. while the incident you refer to is unfortunate, i would say overall the trust that's been established between government and industry in the partnership is stronger than it's ever been. kevin alluded to many of the activities we have underway. my former position i ran the private sector clearance program which is the program that provides clearances to infrastructure owners and operators who have the need to know. when i left there is roughly 3000 owners and operators with clearances. what happened is opm has slowed the ability for us to provide the clearances in a timely manner.
4:52 am
those timelines are clearing up. the clearances and many other authorities that congress granted dhs that's everything from the protected critical infrastructure program to the critical infrastructure partnership advisory committee which allows us to share information and ask for vulnerability information from owners and operators to protected from state sunshine laws and foia so we can take that information and investigate different six. we can push it out as a key part of how we share information. this part of the correlating counsel we bring industry in on a regular basis to provide them the threat briefings to help them understand the complex risk environment. we can have conversations that are not available to the public about what we should be doing to protect the infrastructure. the list goes on.
4:53 am
better understanding the intersection of these critical lifelines in the vulnerabilities caused by the and how we can ensure and have plans in place to mitigate cascading impacts in the event of incidents were talking about. as we begin to modernize our infrastructure and moved to smart cities, i can underscore the importance of bringing security and at the beginning. you need them sitting next to the coders, architects and builders. it's imperative. security is a new normal. it's a differentiator for cities and utilities and it has to be one of the core principles. >> and bester cooper, wrap up. >> thank you madam chair.
4:54 am
>> i want to comment on the last discussion about security. somebody needs to do a serious look at the levels of security that is inhibiting this kind of open discussion of what the environments are that the industry has to decide against as well as other factors. i don't believe there is an absence of technology to deal with the emp issue in an affordable way. and i want to make one more point. i agree with you about the need for trust between the parties that have to deal with the issue. that is why i gave up on trying to get institutions in washington and states to deal with the issue. lots of folks have tried and are frustrated by the issues you mentioned. that's why i'm working closely at an individual level with key people when i say local i mean three counties right now. we will couple in to the
4:55 am
exercise this november. to expand our lessons learned outward in south carolina and elsewhere. i think we have to wake up to the sense of priority in dealing with issues. the mp commission has looked at the briefings that some of the folks at the table has given. it is their assessment that they're underestimating the threat. the magnitude of the e3 component for nuclear devices larger than for the solar device event. if we harden the event for solar threat we will still leave ourselves vulnerable for the other. in addition, your the one is a component that threatens a solid-state electronics and that includes distribution systems for petroleum and natural gas.
4:56 am
we need to deal with the issue in a very direct way. we have hope that what were going to accomplish locally and when i say island, i want to build an island round dukes nuclear plant, coal plant, all of that lake so the local people are engaged in working the problem. by the local people i mean the mayor, city council, political level. but joe sixpack who understands what we're doing to the national guard and so on. they understand issues and is committed to work with us and expand out ther outward. i believe that's how you go to build trust among key players that are required to cut across
4:57 am
the quilt patchwork that i tried to describe earlier. that is not to argue against initiatives at the state or federal level. a lease that raises consciousness about the nature of the threat. the devil is in the details. we learned hard lessons in the department of defense that it's not just having the right design or the right deployment. it's not even just having an operational concept that is important. if you don't test it, i don't believe it. we learned through hard experience that maintenance and operational systems that were well designed and deployed, we create holes by which emp can get through. this is a hard problem. we have to choose where we were carefully protect where we need to work to assure the viability of the grid and the american people.
4:58 am
>> ladies and gentlemen, thank you. this testimony this morning and the questions and responses back and forth have been very helpful. this is but a great discussion. i appreciate the suggestions had also appreciate the urging that we really not let our guard down recognizing this is complicated, multifaceted, and that requires an attention to that is daunting. just because it is daunting does not mean that we should not be working with you, with our agencies, with the sector, across country. i appreciate what you said about starting out local in understanding the implications, not just those that we have on
4:59 am
the day today but helping educate americans about our vulnerability and what we can do to reduce that. it's always important congress that we are reminded of the urgency of imperative of our task. we were given that message this morning. i thank you for your contributions. with that we stand adjourned. [inaudible] [inaudible] [inaudible]
5:00 am
[inaudible] [inaudible] [inaudible] [inaudible] [inaudible] [inaudible] [inaudible] [inaudible]
5:01 am
[inaudible] [inaudible] [inaudible] [inaudible] [inaudible] think it is fair that there needs to be more done to -- he
5:02 am
reminded us all that their sensitivity to it. [inaudible] [inaudible] [inaudible] i don't think you should all think that we are all dependent waiting in our lanes. there is collaboration going on. so how do we make that work.
5:03 am
we have been trying to build a comprehensive cyber security bill for how many years. we have approached her from the energy committee's perspective here. new line. [inaudible] [inaudible] >> i don't think you need to reinvent the will just to say that we did it. it's important to look at what is going on with other countries. israel is repeated at the end very aggressive, what more could we be doing with the agreement
5:04 am
with various nations, are we doing enough in that space? this is not something. >> i do think that is important. it's a reminder for me. >> i need to get to the office. thank you for giving me the attention. . .
5:05 am
[inaudible conversations]
5:06 am
5:07 am
5:08 am


info Stream Only

Uploaded by TV Archive on